CVE-2011-3583
Published 2019-11-26
Priority: P3 46 | critical | 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.37% (68.5th percentile)
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | 4.5.0 – 4.5.5 | — |
| typo3 | typo3 | 4.5.0 – 4.5.5 | — |
| typo3_core | typo3_core | — | — |
CVSS provenance
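| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |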
OSV
Typo3 SQL injection due to faulty prepared statements
osv·2022-04-22
CVE-2011-3583 [CRITICAL] Typo3 SQL injection due to faulty prepared statements
GHSA
Typo3 SQL injection due to faulty prepared statements
ghsa·2022-04-22
CVE-2011-3583 [CRITICAL] CWE-89 Typo3 SQL injection due to faulty prepared statements
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://access.redhat.com/security/cve/cve-2011-3583
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
https://security-tracker.debian.org/tracker/CVE-2011-3583
https://typo3.org/security/advisory/typo3-core-sa-2011-002/